Lucene search

MitreCVE-2006-1117

HistoryMar 09, 2006 - 1:06 p.m.

CVE-2006-1117

2006-03-0913:06:00

mitre

web.nvd.nist.gov

ncipher

firmware

v10

remote attackers

encryption keys

brute force

security vulnerability

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.014

Percentile

86.2%

JSON

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

Affected configurations

Nvd

Node

ncipherdse200_document_sealing_engine

ncipherncore

nciphernforce

nciphersecuredb

nciphertime_source_master_clock

Node

nciphernethsmMatch2.0

nciphernethsmMatch2.1

nciphernethsmMatch2.1.12_cam5

nciphernshield

ncipherpayshield

VendorProductVersionCPE
ncipherdse200_document_sealing_engine*cpe:2.3:a:ncipher:dse200_document_sealing_engine:*:*:*:*:*:*:*:*
ncipherncore*cpe:2.3:a:ncipher:ncore:*:*:*:*:*:*:*:*
nciphernforce*cpe:2.3:a:ncipher:nforce:*:*:*:*:*:*:*:*
nciphersecuredb*cpe:2.3:a:ncipher:securedb:*:*:*:*:*:*:*:*
nciphertime_source_master_clock*cpe:2.3:a:ncipher:time_source_master_clock:*:*:*:*:*:*:*:*
nciphernethsm2.0cpe:2.3:h:ncipher:nethsm:2.0:*:*:*:*:*:*:*
nciphernethsm2.1cpe:2.3:h:ncipher:nethsm:2.1:*:*:*:*:*:*:*
nciphernethsm2.1.12_cam5cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:*:*:*:*:*:*:*
nciphernshield*cpe:2.3:h:ncipher:nshield:*:*:*:*:*:*:*:*
ncipherpayshield*cpe:2.3:h:ncipher:payshield:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ncipher	dse200_document_sealing_engine	*	cpe:2.3:a:ncipher:dse200_document_sealing_engine::::::::
ncipher	ncore	*	cpe:2.3:a:ncipher:ncore::::::::
ncipher	nforce	*	cpe:2.3:a:ncipher:nforce::::::::
ncipher	securedb	*	cpe:2.3:a:ncipher:securedb::::::::
ncipher	time_source_master_clock	*	cpe:2.3:a:ncipher:time_source_master_clock::::::::
ncipher	nethsm	2.0	cpe:2.3:h:ncipher:nethsm:2.0:::::::*
ncipher	nethsm	2.1	cpe:2.3:h:ncipher:nethsm:2.1:::::::*
ncipher	nethsm	2.1.12_cam5	cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:::::::*
ncipher	nshield	*	cpe:2.3:h:ncipher:nshield::::::::
ncipher	payshield	*	cpe:2.3:h:ncipher:payshield::::::::

References

secunia.com/advisories/19137

securitytracker.com/id?1015718

www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security

www.securityfocus.com/archive/1/427151/100/0/threaded

www.securityfocus.com/bid/17012

www.vupen.com/english/advisories/2006/0862

exchange.xforce.ibmcloud.com/vulnerabilities/25063

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.014

Percentile

86.2%

JSON

Related for CVE-2006-1117